Information Security Analyst

About the Role:

We are looking for an information security professional with 2+ years experience in technology operations, technology audit, or GRC. The successful candidate in this role will perform a variety of governance, risk, and compliance activities related to security. Examples of assigned activities will include perform risk assessments for SaaS applications, consulting with application owners to apply strong logical access controls, monitoring and reporting on the timely remediation of vulnerabilities, or gathering evidence to support audits or examinations.

As a technology-driven financial services company, managing information security risk is critical to the trust that we foster with our clients, investors, and regulators. This role will operate within our Govern & Control team, which is a small independent (second line-of-defense) team which is integrated with the broader security program. The role reports to the Director of Information Security, and works closely with the security teams within engineering, lines of business throughout the company, and other risk management teams including Compliance and Legal.

This role is based out of our NYC office. Below we've reflected the base salary range for this position. Actual salaries may vary depending on factors including but not limited to location, experience, and performance. The range listed is just one component of Betterment’s total compensation package for employees. 

• New York City: $115,000-$125,000
  
  

This job may also be eligible for variable compensation in the form of a company incentive bonus. 

A Day in the Life:

• Operates assigned risk management processes such as vulnerability monitoring, due diligence questionnaire completion, audit or examination evidence gathering. A number of AI and automation tools will be available to facilitate increasing efficiency and scale in this work over time. The role will have some flexibility for specialization among the team.
• Perform application-level risk assessments by interviewing and documenting the key business processes and risks related to an application, and providing guidance regarding strong logical access controls to reduce risk. When appropriate, document issues and foster management attention related to remediation for control deficiencies.
• Perform due diligence or ongoing monitoring activities to evaluate security risks introduced through third-party relationships or applications or tools used by employees.
• Contribute to security awareness training or phishing simulation activities for training of employees and contractors.
• Gather data and ensure management attention towards key risk indicator (KRI) metrics for security. 
• Monitor assigned issues through regular follow-up and reporting to ensure management attention and timely remediation.
  
  

What We’re Looking For:

We are seeking a team member with 2+ years experience in technology operations, technology audit, or GRC. They will be a significant contributor to the security program.

The following skills/competencies are required:

• You’ve operated security controls in an IT operations role, or served as a Staff or Senior-level auditor (in public accounting or internal audit), or previously worked in a security role successfully.
• You have knowledge and familiarity with the principles of security risk management, including the CIA triad, design and operation of controls, and one or more control governance frameworks.
• You ha